ABSTRACT

A new type of data transport service which uses a frame relay layer 2 data link connection identifier (DLCI) to select among various service types, feature sets, and/or closed user groups (CUGs). A layer 3 address may be extracted from a layer 2 frame, and the layer 3 address information may be used to route a data packet over a packet-switched network according to the service classes, feature sets, and/or CUGs selected. At the destination, the layer 3 data packet may again be enclosed in a layer 2 frame with a DLCI indicating the service classes, feature sets, and/or CUGs. Because the use of conventional permanent virtual circuits (PVCs) is not required in aspects of the invention, new methods of measuring and managing network traffic are presented.

31 Claims, 10 Drawing Sheets 
TRAFFIC MANAGEMENT FOR FRAME RELAY SWITCHED DATA SERVICE

The present application claims priority from copending provisional application Ser. No. 60/051,564 entitled "FRAME RELAY SWITCHED DATA SERVICE" filed on Jul. 3, 1997, herein incorporated by reference, and is related by subject matter to concurrently filed U.S. patent application Ser. No. [illegible] entitled "FRAME RELAY SWITCHED DATA SERVICE" by the same inventors.

BACKGROUND OF THE INVENTION

1. Technical Field

The present invention is directed to systems and methods for implementing improved network architectures, and more specifically to systems and methods for routing internet protocol (IP) packets using modified frame relay protocols.

2. Description of the Related Arts

Recently, the popularity of large meshed networks has been increasing. However, large-scale highly-meshed networks can be difficult to implement, maintain, and manage using conventional network technologies.

An example of a conventional mesh configuration is shown in FIG. 1. A wide-area network (WAN) 900 includes a plurality of routers R_A, R_B, R_C, R_D (customer premises equipment (CPE)) respectively disposed at a plurality of end user locations A, B, C, and D and interconnected to a service provider's network (SPN) 901 via respective user-network interfaces (UNI) 920-1, -2, . . . , -n. The user-network interfaces 920 may be variously configured to be, for example, an asynchronous transfer mode (ATM) switch having a frame relay interface to CPE. Connecting the sites together are logical paths called, for example, permanent virtual circuits (PVCs) P_A-C, P_A-D, P_B-D, P_A-B, P_C-B, that are characterized by their endpoints at the UNIs 920-1, 920-2, . . . , 920-n and a guaranteed bandwidth called the committed information rate (CIR).

FIG. 2 provides a detailed view of the flow of data across the WAN 900. There exists a plurality of layers of protocol over which communications may occur. For example, the well-known layers of the International Standards Organization's (ISO) Open Systems Interconnect Model having layers from a physical layer (layer 1), a datalink layer (layer 2), a network layer (layer 3), up through and including an application layer (layer 7). Under this model, user data 902 is generated by a user application running at the application layer 903. At the transport layer (layer 4) 904, a source and destination port address 906 (as part of the TCP header (layer 4)) may be added to the user data 902. At the network layer (layer 3) 905, an additional header (i.e., an IP header (layer 3) containing source and destination IP addresses) 908 may be added. Thus, the layer 3 user data field includes the layer 4 user data 902 plus the layer 4 header 906. The layer 3 protocol data unit (PDU) 902, 906, 908, which makes up, for example, an IP packet 950, is then passed down to layer 2 909 in the CPE (routers R_A, R_B, R_C, R_D) that interfaces to the SPN 901. In the router, a table maps one or more IP addresses (layer 3) 908 to an appropriate PVC or PVCs (P_A-C, P_A-D, P_B-D, P_A-B, P_C-B). The router table is maintained by the customer. Once the correct PVC is located in the routing table, the corresponding data link connection identifier (DLCI) (layer 2) 912 is coded into the header of the frame relay frame 914 (packet). Thereafter, the remainder of the frame relay frame is included and a frame check sum (FCS) is computed. The frame is then passed down to the physical layer and transmitted to the SPN 901.

At the UNI 920, the frame is checked for validity to determine if there is a predefined PVC associated with the DLCI 912. If so, the frame 914 is then forwarded on that PVC through the network along the same path and in the same order as other frames with that DLCI, as depicted in FIG. 2. The layer 2 frame information remains as the packet traverses the frame relay network whether this network is implemented as a frame relay network or other network such as an ATM network. The frame is carried to its destination without any further routing decisions being made in the network. The FCS is checked at the egress UNI, and if the frame is not corrupted, it is then output to the UNI associated with the end user.

As is well known in the art, FIGS. 1-3 provide exemplary diagrams of how the frame relay data packets are assembled at the various ISO layers using the example of TCP/IP protocol transport over a frame relay data link layer. The example shows how the user data at the application layer is "wrapped" in succeeding envelopes, making up the PDUs, as it passes down the protocol stack. Specifically, the composition of the Header field is expanded for detail and is shown in FIG. 5. The data link connection identifier (DLCI) field comprises 10 bits spread over the first and second octet, and allows for 1023 possible addresses, of which some are reserved for specific uses by the standards. As shown in FIG. 3, the DLCI is added to the frame relay header according to what destination IP address is specified in the IP packet. This decision about what DLCI is chosen is made by the CPE, usually a router, based on configuration information provided by the customer that provides a mapping of IP addresses into the PVCs that connect the current location with others across the WAN 900.

In conventional frame relay, a layer 2 Q.922 frame carries the layer 3 customer data packet across the network in a permanent virtual circuit (PVC) which is identified by a data link connection identifier (DLCI). Thus, the DLCIs are used by the customer as addresses that select the proper PVC to carry the data to the desired destination. The customer data packet is carried across the network transparently and its contents are never examined by the network.

The conventional meshed frame relay network discussed above has a number of limitations. For example, every time a new end user location is added to the meshed network, a new connection is required to be added to every other end user location. Consequently, all of the routing tables must be updated at every end user location. Thus, a "ripple" effect propagates across the entire network whenever there is a change in the network topology. For large networks with thousands of end user locations, this ripple effect creates a large burden on both the network provider to supply enough permanent virtual circuits (PVCs) and on the network customers in updating all of their routing tables. Further, most routers are limited to peering with a maximum of 10 other routers which makes this network topology difficult to implement. As networks grow in size, the number of PVCs customers need to manage and map to DLCIs increases. Further complicating the problem is a trend toward increasing "meshedness" of networks, meaning more sites are directly connected to each other. The result is a growth in the number and mesh of PVCs in networks that does not scale well with current network technologies.

A possible solution for handling large meshed networks is to use a virtual private network (VPN) which interconnects end user locations using encrypted traffic sent via "tunneling" over the internet. However, VPNs are not widely supported by internet service providers (ISPs), have erratic information rates, and present a number of security concerns.
Another possible solution is the use of frame relay based switched virtual circuits (SVCs). While PVCs (discussed above) are usually defined on a subscription basis and are analogous to leased lines, SVCs are temporary, defined on an as-needed basis, and are analogous to telephone calls. However, SVCs require continuous communications between all routers in the system to coordinate the SVCs. Further, because the tables mapping IP addresses to SVC addresses are typically manually maintained, SVCs are often impractical for large highly-meshed networks. Security is a major concern for SVC networks where tables are mismanaged or the network is spoofed. Further, frame SVCs are difficult to interwork with asynchronous transfer mode (ATM) SVCs.

None of the above solutions adequately address the growing demand for large mesh networks. Accordingly, there is a need for network architectures which enable implementation of large mesh networks having security, low maintenance costs, efficient operations, and scalability.

SUMMARY OF THE INVENTION

Aspects of the present invention solve one or more of the above-stated problems and/or provide improved systems and methods for implementing a network architecture.

A new type of data transport service takes advantage of the existing base of frame relay customer premises equipment (CPE) and customers while offering a new mechanism for providing extensible service features to those customers. In the new service, data link connection identifiers (DLCIs) may be used by the CPE to select among service types, feature sets, and closed user groups (CUGs). The DLCI is used in the layer 2 frame that conveys the user data to the network. The layer 3 user data packet is extracted from the layer 2 frame and the layer 3 address information for the (routable) protocol is used to route the user data packet over a high-performance packet switched network, according to the service class/feature set selected by the DLCI. At the destination, the layer 3 data packet is again enclosed in a layer 2 frame with a DLCI that indicates to which service group it belongs. The frame is then forwarded to the CPE. Use of this technique will allow the existing frame relay CPE to support, over the same physical interface, conventional frame relay service with a range of DLCIs that are linked to logical paths such as permanent virtual circuits (PVCs), as well as a range of DLCIs that are linked to service and/or feature sets. This will allow a robust method for extension of new services to the frame relay installed base, with minimal impact to existing customer equipment.

In some aspects of the invention, frame relay DLCIs are used for selecting among various "service categories." This differs significantly from conventional frame relay, which uses DLCIs only to select PVCs and/or switched virtual circuits (SVCs). Service categories may include, but are not limited to, communication via the public internet, communication via a local intranet, communication within a closed user group (CUG), communication with an extranet (e.g., a network of trusted suppliers or corporate trading partners), live audio/video transmission, multicasting, telephony over internet protocol (IP), or any combination thereof. Thus, the concept of a frame relay PVC is significantly expanded by aspects of the present invention. For example, the location of an intended network endpoint recipient is not necessarily determined by a DLCI at a sending network endpoint. The DLCI may represent a service category with the intended recipient indicated by an IP address within the frame relay packet. This results in a significant benefit to network customers because, unlike that of conventional frame relay, customers no longer need to update their local DLCI tables each time a network customer with whom they wish to communicate is added or removed from the network. Thus, the customer's burden of network administration is substantially reduced.

In sub-aspects of the invention, some DLCIs may be used to select among service categories ("service category DLCIs") while in the same network other DLCIs may be used to select conventional PVCs and/or SVCs ("conventional DLCIs"). In other words, conventional frame relay may be mixed with aspects of the present invention within the same network, allowing aspects of the present invention to be incrementally implemented in existing conventional frame relay networks.

In further aspects of the invention, addressing contained in multiple layers (e.g., as defined by the Open System Interconnection model) are compared with each other in a network to determine routing errors. If the addressing in the layers are consistent with each other, then the associated data is routed without interruption. On the other hand, if the addressing in the layers is inconsistent with each other, the associated data may be specially handled. For example, the data may be discarded, sent to a pre-determined address, and/or returned to the sender. This address comparison may be applied to the sending address and/or the destination address. An advantage of this multiple layer address comparison is that network security is increased. For instance, problems such as "spoofing," which is the practice of purposely providing an incorrect sending internet protocol (IP) address, are better controlled by such a method.

In still further aspects of the invention, routing look-up tables within the network are separated such that, for example, each customer, closed user group (CUG), extranet, and/or intranet may have its own private partition and/or separate table. This can provide greater network speed because a router need not scan the entire available address space for all network customers at once. Furthermore, data security is improved because the risk of sending data to a wrong recipient is reduced.

In yet further aspects of the invention, layer 3 and/or layer 4 IP address information is utilized to route the fast packets through the network.

In even further aspects of the invention, new network traffic management techniques and measurements are defined. For example, in some traffic-management aspects of the invention, committed delivery rates (CDRs) may be assigned to one or more UNIs. A CDR is the average minimum data rate that is guaranteed to be delivered to a given UNI when sufficient traffic is being sent to the UNI. In further traffic-management aspects of the invention, a destination rate share (DRS) is assigned to one or more UNIs. The DRS may be used to determine the share of traffic that a given UNI may send through the network. If several UNIs are simultaneously offering to send traffic to the same destination UNI, then each sending UNI's share of the network may be determined by its own DRS and the DRSs of the other sending UNIs.

These and other features of the invention will be apparent upon consideration of the following detailed description of preferred embodiments. Although the invention has been defined using the appended claims, these claims are exemplary in that the invention is intended to include the elements and steps described herein in any combination or subcombination. Accordingly, there are any number of alternative combinations for defining the invention, which incorporate
one or more elements from the specification, including the description, claims, and drawings, in various combinations or subcombinations. It will be apparent to those skilled in network theory and design, in light of the present specification, that alternate combinations of aspects of the invention, either alone or in combination with one or more elements or steps defined herein, may be utilized as modifications or alterations of the invention or as part of the invention. It is intended that the written description of the invention contained herein covers all such modifications and alterations.

BRIEF DESCRIPTION OF THE DRAWINGS 

The foregoing summary of the invention, as well as the following detailed description of preferred embodiments, is better understood when read in connection with the accompanying drawings. For the purpose of illustration, embodiments showing one or more aspects of the invention are shown in the drawings. These exemplary embodiments, however, are not intended to limit the invention solely thereto.

FIG. 1 illustrates a wide area network (WAN) having routers as CPEs and PVCs between customer locations.

FIG. 2 shows data flow through the WAN shown in FIG. 1.

FIGS. 3-5 show the construction and flow of data packets through the network.

FIG. 6 shows a block diagram of a network architecture in accordance with aspects of the present invention.

FIG. 7 shows a detailed block diagram of the network illustrated in FIG. 6.

FIGS. 8A-8B show a migration path for incorporating aspects of the invention into conventional network architectures.

FIG. 9 shows data flow through the network architecture of FIG. 6.

FIG. 10 shows application based prioritization through the network architecture of FIG. 6.

FIG. 11 illustrates an exemplary embodiment of a means to apportion services through the network of FIG. 6.

FIGS. 12-14 illustrate data flow through exemplary WANs 1.

DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS 

Exemplary embodiments of the present invention allow the large installed base of frame relay customer premises equipment (CPE) to be maintained by using the same interface in a different way to deliver new sets of services and features to the customer. For example, the data link connection identifier (DLCI) known from the frame relay protocol may be used to select among several virtual private networks with differing address spaces, feature sets, and/or conventional permanent virtual circuits (PVCs).

Referring to FIG. 7, a block diagram of a wide area network (WAN) 1 incorporating aspects of the present invention is shown. The WAN 1 includes a plurality of customer premise equipment (CPE) systems, for example routers located at each of the end user locations and interconnected via one or more service provider's networks (SPNs) 500. The SPN 500 is typically connected to a plurality of endpoint routers 919 via a plurality of corresponding user network interfaces (UNIs) 402 and/or one or more internet protocol (IP) switches 502. The IP switches
502, UNIs 402, and/or routers/switches 501 may be interconnected so as to form a meshed network (e.g., a partial or fully meshed network). Additionally, the wide area network (WAN) 1 may contain any number of IP switches 502 located within the WAN 1 such that it is not connected directly to any endpoint routers 919, and/or one or more IP switches 502 may be located at an interface between the SPN 500 and an endpoint router 919. In further embodiments of the invention, there may be multiple endpoint routers 919 associated with a UNI 402/IP switch 502 and/or multiple UNIs 402/IP switches 502 associated with an endpoint router 919.

The network architecture of the WAN 1 allows the number of IP switches to increase as customers are transitioned to the new service. For example, as shown in FIG. 8A, initially there may be only a small number (e.g., one, two, three, etc.) of IP switches installed in the system. Where only a small number of IP switches are included in the network, traffic originating from non-IP enabled UNIs 402 (e.g., UNI A) may be routed to an IP switch 502 elsewhere in the network. Although this creates some negligible inefficiencies in "backtracking," it nonetheless allows a migration path to the new network architecture without simultaneously replacing all routers 501. However, as more and more users are transitioned to the new network architecture of WAN 1, more and more IP switches can be added (FIG. 8B) to accommodate the increased load. In many embodiments, it may be desirable to eventually convert each UNI 402 to an IP switch 502 such that IP routing may be accomplished at the edge of the network.

In some embodiments, the WAN 1 may include a combination of conventional network switches and/or routers 501 in addition to IP switches 502. On the other hand, every switch in the SPN 500 may be an IP switch 502. Alternatively, the WAN 1 may contain only a single IP switch 502. The IP switches 502 may be variously configured to include a suitable multi-layer routing switch such as a Tag Switch from Cisco. Multi-layer routing switches may also be utilized from vendors such as Ipsilon, Toshiba, IBM, and/or Telecom. IP switches are currently being developed to replace endpoint routers so that customer premise equipment (e.g., Ethernet local area network (LAN) equipment) can connect directly to an asynchronous transfer mode (ATM) network. Aspects of the present invention propose using IP switches in a different manner to maintain the huge installed base of customer premise equipment while avoiding the limitations of previous systems. Accordingly, the IP switches in accordance with embodiments of the invention are disposed within the SPN 500 and modified to provide suitable routing and interface functions.

In some embodiments of the invention, an IP switch 502 acts as a multi-layer switch. For example, an IP switch 502 may receive ATM cells, switching some or all of the ATM cells based upon the content of IP packets encapsulated within the ATM cells. Thus, IP addressing may be used by an IP switch 502 to determine an ATM virtual path for sending ATM cells to a destination UNI 402. In further embodiments of the invention, higher layer addressing (e.g., transmission control program (TCP) logical ports at layer 4) may also be used by an IP switch 502 as a basis for switching ATM cells to provide a path through the SPN 500. In still further embodiments of the invention, an IP switch 502 uses IP addresses and/or TCP logical ports to make quality of service (QOS) decisions.

In further embodiments of the invention, an endpoint 
router 919 may encapsulate one or more IP packets in frame 
relay frame 914. In this event, the frame relay frames may 
be transmitted between an endpoint router 919 and a corresponding UNI 402 and/or IP switch 502. The endpoint router 919 encapsulates IP packets 950 with frame relay frames 914. Further, the endpoint router 919 may set the DLCI of each frame relay frame 914 according to a particular service category (if a service category DLCI is used) that the user has selected. For example, the various service categories may include the public internet, communication via a local intranet, communication within a closed user group (CUG), communication with an extranet (e.g., a network of trusted suppliers or corporate trading partners), live audio/video transmission, multicasting, telephony over internet protocol (IP), or any combination thereof. Thus, the concept of a frame relay PVC is significantly expanded by aspects of the present invention. For example, the location of an intended network endpoint recipient is not necessarily determined by a DLCI at the endpoint routers 919.

In further embodiments of the invention, a UNI 402 may receive frame relay frames 914 from an endpoint router 919 and divide and encapsulate frame relay frames into, for example, smaller fixed-length ATM cells. The UNI 402 may further translate the frame relay DLCI into an ATM address (e.g., a virtual path identifier/virtual channel identifier (VPI/VCI)). There are various methods which may be used to translate DLCIs to VPI/VCIs. For example, the Network Interworking Standard as defined in Implementation Agreement #5 of the Frame Relay Forum, and/or the Service Interworking Standard as defined in Implementation Agreement #8 of the Frame Relay Forum may be utilized. An ATM address associated with a service category DLCI defines an ATM virtual path via network routers to an IP switch 502. Thus, ATM data associated with a service category DLCI is ultimately sent to an IP switch 502. However, ATM data associated with a conventional DLCI may or may not be sent to an IP switch 502 and may be routed through the network without passing through an IP switch 502. Thus, both translated IP data and conventional PVC data may be present in the SPN 500 and/or WAN 1.

In further embodiments of the invention, a UNI 402 and/or a network router 501 may send data to a predetermined IP switch 502. In even further embodiments of the invention, a UNI 402 and/or a network router 501 selects which IP switch 502 to send data to based upon an algorithm (e.g., based on network traffic flows, the relative distance/location of an IP switch 502, the type of data being sent, and/or the service category selected). In still further embodiments of the invention, a UNI 402, network router 501, and/or IP switch 502 may send the same data to more than one UNI 402, network router 501, and/or IP switch 502, depending upon, for example, a service category or categories.

In further embodiments of the invention, a UNI 402, an IP switch 502, and/or a network router 501 compares an ATM VPI/VCI 303-305 address with an IP address for the same data. If the two addresses are inconsistent, then the ATM cell may be discarded, sent to a predetermined address, and/or returned to the sending location. In even further embodiments of the invention, layers above the layer 3 IP layer may be used for address and/or service class generation/discrimination. For example, layer 4 of the ISO addressing scheme and/or other application level data may be utilized to determine particular service classes.

Referring specifically to FIG. 9, the path of user data flowing through an exemplary WAN 1 is shown. As in the frame relay case, user data at the application layer and layer 4 requires the addition of a layer 3 network address header. In the CPE a decision is made based on information in layers 3 and 4 about which virtual private network (VPN), service class, or conventional PVC the packet should be routed to. Thus, a packet with layer 4 information indicating it is a telnet (interactive) application and layer 3 information that it is an internal company address might go to VPN A for a low-delay intranet class of service. Another packet that is part of a file transfer protocol (FTP) file transfer might go to VPN B with a lower service class, and a third packet going between two heavily utilized applications might go on a dedicated PVC D. These decisions are coded as different DLCI values, inserted in the layer 2 frame, and sent into the UNI.

At the UNI A 402, the switching based on the DLCI takes place. The packet may be routed to IP switch 502 in the center of the SPN 500. The first packet has its layer 2 frame stripped off as it is forwarded to VPN A. Within VPN A, the layer 3 address is now used to make routing decisions that send the packet to its destination UNI. Thus, no PVC need be established ahead of time for that path, and conventional routing methods and protocols can be used, as well as newer "short-cut" routing techniques. This permits VPN A to provide a high "mesh" of connectivity between sites without requiring the customer to configure and maintain the "mesh" as a large number of PVCs. The packet forwarded to VPN B is treated similarly except that VPN B is implemented with a lower service class (e.g. higher delay). Finally, the packet forwarded to PVC D has its layer 2 frame intact and passes through the network as a conventional frame relay frame. This allows customers to maintain their current connectivity of PVCs for their high utilization traffic paths, but still have a high mesh of connectivity through various VPNs.

Thus, in various aspects of the invention, the WAN 1 and/or SPN 500 may be any suitable fast packet network receiving frame relay data packets having user data in a user data field. The WAN 1 and/or SPN 500 then switches packets using one or more IP switches 502 responsive to the user data. The user data may be used to discriminate between a plurality of different service categories based on the user data. Routing over the WAN 1 and/or SPN 500 may be responsive to at least one of the different service categories including discriminating based on multicast data. Additionally, the WAN may generate a fast packet address field responsive to the IP packet data and route the IP packet through the fast packet network responsive to the fast packet address field. Further, layer 4 information may be utilized to determine the quality of service. The quality of service may include, for example, one or more of the following: an information rate, priority information, delay, loss, availability, etc. Security features may be implemented in the IP switch such that routing tables for each of the users are separated based on one or more service categories and/or users. In this manner the system is made more secure. Still further, the system may receive a plurality of frame relay packets over a permanent virtual circuit (PVC) at a first node in an asynchronous transfer mode (ATM) network, generate an ATM address based on a data field other than a data link connection identifier (DLCI) within the frame relay packets, and then route the packets through the ATM network based on the ATM address. The routing of packets may be responsive to one of a plurality of service categories. The system may provide separate routing tables within an ATM switch for each of a plurality of different service categories. The different service categories may be determined using internet protocol (IP) data within a data field of a packet passed by the ATM switch. In a fast packet network, a fast packet switch may compare an address of a fast packet with a layer






US 6,188,671 B1






3 internet protocol (IP) address contained within the fast packet and determine whether the fast packet address is consistent with the layer 3 IP address. Further, for security, hardware circuits and/or software may be provided for examination of a sending address or a destination address. Further, packets may be discarded responsive to an inconsistency being detected. The WAN 1 may include customer premises equipment (CPE) and an asynchronous transfer mode (ATM) switch coupled to and receiving from the CPE frame relay data packets, and including address translation circuitry for translating data link connection identifiers from the frame relay data packets into ATM addresses representing a plurality of virtual private networks based on a predetermined service category associated with a particular DLCI; or the WAN 1 may include customer premises equipment (CPE) and a fast packet switch coupled to the CPE via one or more permanent virtual circuits and receiving frame relay data packets, the fast packet switch including address translation circuitry for translating user data within the frame relay data packets into fast packet addresses.

In embodiments of the present invention, data security is 
enhanced in that data may be easily and accurately checked 
for inconsistencies at the destination. This is because these 
embodiments operate using both layer 2 and layer 3 address- 
ing information. As an illustration, assume that a frame relay 
frame having a DLCI indicating VPN 1 (e.g., the corporate 
intranet) arrives in a network switch/router with an IP 
address of a particular corporate accounting system. 
However, since the VPN processor has available to it the 
DLCI of the packet (and thus information about the source 
of the packet), the VPN processor may cross-check the 
DLCI with the source IP address in the packet to see if the 
source IP address is in the range known from the originating 
site. Thus, the problem associated with the spoofing of IP 
source addresses may be significantly reduced. 

In still further embodiments of the invention, a UNI 402, 
an IP switch 502, and/or a network router 501 has separate 
and/or partitioned routing look-up tables. Routing tables 
may be separated based upon service category, customer or 
user, and/or UNI 402. Thus, in some embodiments, within a 
VPN, a customer or user may have an individual routing 
table containing the customer's IP network address infor- 
mation. In some embodiments, since the DLCI identifies the 
source of a frame, the DLCI may be used as an index by an 
IP switch, network router, and/or UNI for determining which 
routing table to use. This allows customers to have their 
routing table size and speed governed by their individual 
address space, thus speeding the routing process consider- 
ably. The use of separate routing tables also provides an 
added measure of security, as packets cannot be misrouted
due to errors or updates in routing information related to 
other customers. 
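
The DLCI/source-address cross-check and the DLCI-indexed routing tables described in the two preceding paragraphs can be sketched together. This is an added example, not code from the patent; the DLCI values, customer names, prefixes and next-hop labels are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

FORWARD, DROP = "forward", "drop"
UNKNOWN_DLCI = "no attachment for DLCI"
BAD_ADDRESS = "malformed layer 3 address"
SPOOFED_SOURCE = "source address outside the range known for this DLCI"
NO_ROUTE = "no route in this customer's table"


@dataclass(frozen=True)
class Attachment:
    """What the network knows about one ingress DLCI (all values constructed)."""
    customer: str
    source_prefixes: tuple  # address ranges known from the originating site
    routes: dict            # this customer's own table: prefix -> next hop


def _net(cidr):
    return ipaddress.ip_network(cidr)


# The DLCI is the index that selects the attachment and thus the routing table.
# Both customers use 10.1.0.0/16 and 10.2.0.0/16 internally; because each has
# its own table, the overlapping address space never collides.
DLCI_TABLE = {
    100: Attachment("customer-a", (_net("10.1.0.0/16"),),
                    {_net("10.2.0.0/16"): "site-B",
                     _net("10.2.8.0/24"): "site-B-accounting"}),
    200: Attachment("customer-b", (_net("10.1.0.0/16"),),
                    {_net("10.2.0.0/16"): "site-X"}),
}


def forward(dlci, src_ip, dst_ip, table=DLCI_TABLE):
    """Return (action, detail) for one frame's DLCI and layer 3 addresses."""
    attachment = table.get(dlci)
    if attachment is None:
        return (DROP, UNKNOWN_DLCI)
    try:
        src = ipaddress.ip_address(src_ip)
        dst = ipaddress.ip_address(dst_ip)
    except ValueError:
        return (DROP, BAD_ADDRESS)

    # Cross-check layer 2 against layer 3: the DLCI identifies the source
    # site, so the source IP must fall in a range known for that site.
    if not any(src in net for net in attachment.source_prefixes):
        return (DROP, SPOOFED_SOURCE)

    # Longest-prefix match, restricted to this customer's table only.
    matches = [net for net in attachment.routes if dst in net]
    if not matches:
        return (DROP, NO_ROUTE)
    best = max(matches, key=lambda net: net.prefixlen)
    return (FORWARD, attachment.routes[best])


if __name__ == "__main__":
    for frame in [(100, "10.1.4.7", "10.2.8.20"),
                  (100, "192.0.2.9", "10.2.8.20"),
                  (200, "10.1.4.7", "10.2.8.20"),
                  (300, "10.1.4.7", "10.2.8.20")]:
        print(frame, "->", forward(*frame))
```
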

In some embodiments, a router has multiple data space 
images paired with a single instruction space image of the 
routing software. Thus, for example, as packets arrive from 
Customer A, the routing software uses the data image for a 
routing table associated with Customer A to make a routing 
decision. In further embodiments, a single software image is 
used, but additional indices corresponding to customers are 
added to the routing tables. In still further embodiments, 
instruction execution and data handling are processed sepa- 
rately. This may be accomplished by the use of separate 
processors, one for instruction execution and one for data 
handling. 

FIG. 12 illustrates an exemplary WAN 1 having both 
conventional routers and IP switches incorporating aspects 
of the invention. In this exemplary WAN 1, a routing
element 1004 and switch 1003 are connected to Customer
Site A via frame relay switch 1001. Routing element 1007 
and switch 1006 are connected to Customer Site B via frame 
relay switch 1009. Routing element 1012 and switch 1014 
are connected to Customer Site C via frame relay switch 
1016. Routing element 1013 and switch 1015 are connected 
to Customer Site D via frame relay switch 1017. In this 
exemplary WAN 1, incoming frames 1000 from Customer 
Site A may be encoded with a layer 2 DLCI specifying VPN 
#1 as the layer 2 destination and a layer 3 address pointing 
to Customer Site B. In such a case, frame relay switch 1001 
switches the frames over a frame relay trunk 1002 to switch 
1003 which has layer 3 routing element 1004 associated 
with it. After the frame is received by switch 1003, the frame 
is forwarded to router 1004 which implements short-cut 
routing as described above. The router/switch 1003, 1004 
uses the layer 2 information to discriminate between differ- 
ent source customers. The layer 2 information may then be 
discarded. Next, the layer 3 information in combination with 
a routing table is used to make a routing decision. In this 
case, the routing decision would result in a layer 3 PDU 1011 
being forwarded to router/switch 1006, 1007. The layer 3 
PDU 1011 is then encapsulated with a layer 2 frame, the 
frame in this case being addressed to Customer Site B. 
Switch 1006 then forwards the frame via a trunk 1008 to 
frame relay switch 1009. At the egress port of frame relay 
switch 1009, the DLCI of frame relay frame 1010 is replaced
with a value indicating that the frame originated from, in this
case, VPN #1. The frame relay frame 1010 is then delivered
to the Customer B router. 

As the service grows, the functionality for making the 
VPN routing decisions may be migrated closer to the 
customer and may eventually be present in every switching 
node, as shown in FIG. 13. This can reduce the backhaul 
previously needed to get to the router/switch processing 
nodes and allow for optimal routing using all the nodes in 
the WAN 1 and/or SPN 500. In the exemplary embodiment 
of FIG. 13, VPN #1 is connected to Customer Sites A, B, C, 
and D. Here, every switching node includes a switch 1501
and a routing element 1502. Frame relay frames 1500 having
a DLCI directed to Customer Site B may be sent from
Customer Site A. In such a case, frames 1503 would be sent
through VPN #1 via switching nodes 1501, 1502, and frames
1504 would be received at Customer Site B.

In some embodiments, an ATM core network may be used 
for data transport, and frame relay interfaces may be used to 
interface with the customer. An exemplary embodiment 
using an ATM core network is shown in FIG. 14. In this 
embodiment, switch 2003 and router 2004 are connected to 
Customer Site A via switch 2000 and a frame relay/ATM 
conversion unit 2001. Switch 2019 and router 2018 are 
connected to Customer Site B via switch 2005 and frame 
relay/ATM conversion unit 2006. Switch 2012 and router 
2010 are connected to Customer Site C via switch 2015 and 
frame relay/ATM conversion unit 2014. Switch 2013 and 
router 2011 are connected to Customer Site D via switch 
2016 and frame relay/ATM conversion unit 2017. Assuming
that Customer Site A is sending frames 2020 destined for
Customer Site B, incoming layer 2 frames may be encapsulated
for transport into ATM cells at switch 2000 according
to, for example, the Network Interworking Standard.
Such encapsulation may, for example, occur in conversion
unit 2001, external to ATM switch 2000. ATM cells 2002
may be sent down an ATM PVC designated for VPN #1
processing. ATM cells 2002 may then be forwarded to
switch 2003 and router/switch 2004 (which may be attached
to switch 2003), where the ATM cells may be reassembled
to obtain the layer 3 packet information for routing within VPN #1. Once the address information has been extracted from the layer 3 packet, the packet may be segmented again into ATM cells 2009 that can be transferred through the network. After being sent through router/switch 2018, 2019, ATM cells 2008 may be converted from cells to frames at the external conversion unit 2006 and switch 2005. Customer Site B would then receive frame relay frames 2021. Thus, an extra segmentation and reassembly (SAR) cycle may be required when using an ATM backbone with a core of router/switches. However, if the VPN processing is pushed outward to edge switches, the extra SAR cycle may be eliminated. The extra SAR cycle may be eliminated because conversion from frame relay frames to ATM cells may take place in the same unit where VPN routing decisions are made.

Traffic management may be variously configured in the WAN 1 and/or the SPN 500. For example, from a customer's viewpoint, the WAN 1 and/or SPN 500 may ensure certain traffic rates for the customer.

In a network, data traffic may be sent from multiple sources to a single destination (multi-point to point). A "source" is defined as the user transmitting side of, for example, a UNI (i.e., the customer side of a UNI, which may be external to a WAN and/or to a VPN), a switch, an IP switch, and/or a router at or near the edge of a network. A "destination" is defined as the user receiving side of, for example, a UNI (i.e., the network side of a UNI), a switch, an IP switch, and/or router at or near the edge of a network. Traffic that is offered for transmission by a source to the WAN 1 and/or SPN 500 is defined as the "offered traffic." Further, a "VPN source" and a "VPN destination" are a source and destination, respectively, which belong to a given VPN. A given UNI, if simultaneously sending and receiving, may simultaneously be a source and a destination. Furthermore, a given source may offer data traffic to multiple destinations, and a given destination may receive traffic from multiple sources.

In some embodiments of the invention, a committed delivery rate (CDR) may be assigned to each destination. The CDR is defined as the average number of bits per second that the WAN 1 and/or SPN 500 is committed to deliver to a given destination, wherein the average may be calculated over a fixed or variable time window. Although the word "average" will be used throughout, any other similar algorithm may be used, such as the mean, the sum, or any other useful measurement and/or statistical calculation. If the average rate of aggregate offered traffic (i.e. the total offered traffic) from one or more sources to a given destination is greater than or equal to a given destination's assigned CDR, then the WAN 1 and/or SPN 500 may guarantee to deliver traffic addressed to the destination at an average rate equal to or greater than the CDR. If the average rate of aggregate offered traffic is less than the CDR, then the WAN 1 and/or SPN 500 may deliver the offered traffic to the destination at the aggregate offered traffic rate (100% of the offered traffic). To clarify, let the number of active sources sending traffic to a particular destination be N. As will be described in more detail below, a source may be considered "active" during a given time window if the source offers at least a threshold amount of traffic to the WAN 1 and/or SPN 500 within the given time window. Let S_i be the average offered traffic rate, or "offering rate," from each source i toward a single given destination, wherein i=[1, . . . , N]. Further, let R be the total rate at which the WAN 1 and/or SPN 500 actually delivers traffic to the destination. Then, the WAN 1 and/or SPN 500 will provide that:

$$R \geq CDR \quad \text{if } \sum_i S_i \geq CDR;$$

$$R = \sum_i S_i \quad \text{otherwise.}$$

If the aggregate offered traffic rate ΣS_i does not exceed the CDR, then 100% of the offered traffic from each source i may be delivered through the WAN 1 and/or SPN 500 to the destination. However, when the aggregate offered traffic rate ΣS_i exceeds the CDR, the WAN 1 and/or SPN 500 may have the discretion to throttle back or reduce the delivery rate of offered traffic from some or all of the active sources. Delivery may be reduced by an amount such that the total rate of traffic delivery R to a destination is at least equal to the destination's assigned CDR. In the situation where R is reduced by the network, it may be desirable to enforce "fairness" for each source. In other words, it may be desirable to ensure that no single source may be allowed to be greedy by obtaining a disproportionate amount of network bandwidth at the expense of other sources.

To provide for fair access to the WAN 1 and/or SPN 500, in some embodiments each source is assigned at least one destination rate share (DRS). A DRS is a rate, measured in data units per unit of time (e.g., bits per second). A separate DRS and/or set of DRSs may be assigned to each source and/or group of sources. Further, the DRS or DRSs for a given source may depend upon the destination or set of destinations that the source may send traffic to. In other words, each source i may be assigned at least one DRS_i corresponding to the DRS assigned between a source i and a given destination (or set of destinations). Thus, in some embodiments, the DRS may be different for a given source depending upon which destination it is sending traffic to. In further embodiments, the DRS for a given source may be constant, independent of the destination.

When a source i offers traffic at an average rate S_i exceeding the CDR of a particular destination, fairness may be achieved by ensuring that each source is allowed to transmit at least its fair share of the CDR. A source's "fair share" of the destination's CDR is defined as the source's DRS divided by the aggregate DRS of active sources transmitting to a given destination. Thus, each active source's fair share, r_i, of the CDR may be defined as the following:

$$r_i = \frac{DRS_i}{\sum_j DRS_j}\, CDR$$

The actual network transmission rate, T_i, that the WAN 1 and/or SPN 500 chooses as conforming traffic guaranteed to be delivered from each source to a given destination may satisfy the following:

$$\text{when } \sum_i S_i \geq CDR, \quad T_i \geq \min(r_i, S_i).$$

Thus, in these embodiments the WAN 1 and/or SPN 500 may enforce fairness by reducing one or more sources' actual network transmission rate T_i at most from S_i to r_i, ensuring that each source obtains its fair share of the CDR. In some embodiments, to achieve a rate of at least CDR, the WAN 1 and/or SPN 500 may at its discretion transmit traffic from a given active source or sources at a rate greater than r_i. In fact, the WAN 1 and/or SPN 500 may at its discretion transmit data from a source i at any rate between and including the fair share rate r_i and the full offered rate S_i.

If S_i is greater than T_i, a source may be considered by the WAN 1 and/or SPN 500 to be a "non-conforming source." Conformance of a source may be calculated using a standard leaky bucket algorithm with variable drain rate. Thus, the conforming "depth" of a "bucket" would be DRS_i*W. In other words, the maximum number of bits that will be sent to the network within a given time window of length W is equal to DRS_i*W. During a given time window of length W, the "drain rate" of the "bucket" is equal to T_i, which is calculated during previous time windows. Thus, data packets inserted "above" the conforming bucket depth may be labeled as "non-conforming." In other words, for a given time window, data packets in excess of the total DRS_i*W number of bits may be labeled as non-conforming data packets. In such a situation, some or all of the source data packets equal to the difference between S_i and T_i may be labeled as non-conforming data packets, and some or all of the non-conforming data packets may be dropped.

This does not mean that data cannot be of a bursty or 
rate-variant nature. Although exemplary embodiments have 
been described as operating using average rates, real-time 
rates may vary within any given time window of length W.
Thus, a certain amount of burstiness of data is allowable. 
This maximum burst size is the maximum number of bits 
that the WAN 1 and/or SPN 500 guarantees to transfer 
during a time window W. 

In further embodiments of the invention, the WAN 1 and/or SPN 500 may provide forward congestion notification to a destination. For example, the WAN 1 and/or SPN 500 may provide a layer 2 binary indication that the CDR is being exceeded by using the frame relay forward explicit congestion notification (FECN) bit and/or a layer 3 message that indicates a non-conforming source and optionally contains rate information for that source (e.g. the actual transmitted rate T_i and/or the excess rate S_i-T_i). Furthermore, in some embodiments, multiple non-conforming sources might be listed, even within a single message. In these forward congestion notification embodiments, conformance may be measured at the network side of a destination. In some embodiments, a forward congestion notification may be provided to a given destination when the offering rate S_i of an active source offering to send traffic to the destination exceeds the actual network transmission rate T_i for the source.

Non-conforming packets that cannot be transmitted on the egress port of a source may be dropped with or without any indication to the source or destination. To measure conformance of a source, the amount of excess bandwidth available to the sources for transmission to the destination should be determined. To calculate the excess bandwidth, let W_j be the j-th time window. The excess bandwidth above the fair share bandwidth may be computed as

$$E = CDR - \sum_i \min(r_i, S_i) - MB,$$

wherein M is defined as the number of possible sources from which a destination may receive traffic, and wherein B is defined as a predetermined reference rate. The introduction of reference rate B effectively reserves network bandwidth for an inactive source, thus ensuring that a previously inactive source that becomes active can send at least some traffic through the network during time period W_j.
Specifically, the WAN 1 and/or SPN 500 may ensure that each source's T_i is guaranteed to be at least a minimum reference rate B. In this situation, a source is considered active during W_j if more than B*W_j units of data (e.g., bits) are received during W_j. It is desirable to define B to be relatively small as compared with S_i so as to retain as much excess bandwidth as possible, yet still large enough to ensure network availability to a non-active source (non-sending source with respect to a given destination) that may later become active with respect to a given destination. In some embodiments, B may be a predetermined rate. In further embodiments, B may vary with time, with the number of inactive sources, with the number of active sources, and/or with the total number of sources. In still further embodiments, B for a source may depend upon a priority classification assigned to the source. In still further embodiments, when a previously inactive source becomes active, the priority assigned to the source may depend upon the content of the data (e.g., data payload, DLCI, and/or address) offered to be sent. Thus, B may not be the same for each source.

Once the excess bandwidth is determined, the maximum conforming actual network transmission rates, T_i, may be calculated. To accomplish this, T_i for each source may first be set by default to min(r_i, S_i). Then the excess bandwidth, E, may be distributed among some or all of the sources that are actively transmitting to the given destination, thus adjusting or raising T_i for these sources. In some embodiments, the excess bandwidth may be uniformly distributed among some or all of the active sources. In further embodiments, the excess bandwidth may be distributed among these sources according to source priority, data priority, and/or DLCI.
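
The rate calculation described above (activity threshold, fair share r_i, excess bandwidth E, and the resulting T_i) can be followed for one time window with the sketch below. It is an added example, not code from the patent; it assumes one common reference rate B, picks the uniform-distribution embodiment, caps each T_i at S_i, and clamps E at zero, and the source names and rates are constructed.

```python
from dataclasses import dataclass


@dataclass
class Source:
    name: str
    drs: float         # destination rate share DRS_i toward this destination, bits/s
    bits_offered: int  # bits offered toward the destination during window W_j


def allocate_window(sources, cdr, b, window):
    """Compute T_i for every active source for one window W_j (seconds).

    sources lists all M possible sources for the destination; cdr and the
    reference rate b are in bits/s. Returns a dict with the fair shares,
    the excess bandwidth E, the rates T_i, and the non-conforming sources.
    """
    m = len(sources)
    # A source is active in W_j if more than B*W_j bits were received from it.
    active = [s for s in sources if s.bits_offered > b * window]
    active_names = {s.name for s in active}
    offered = {s.name: s.bits_offered / window for s in active}  # S_i
    result = {"inactive": sorted(s.name for s in sources
                                 if s.name not in active_names)}

    # Aggregate offered rate below the CDR: 100% of offered traffic is delivered.
    if sum(offered.values()) < cdr:
        result.update(fair={}, excess=0.0, rate=dict(offered), nonconforming=[])
        return result

    total_drs = sum(s.drs for s in active)
    if total_drs <= 0:
        raise ValueError("active sources need a positive DRS")
    # r_i = DRS_i / sum_j DRS_j * CDR, summed over active sources.
    fair = {s.name: s.drs * cdr / total_drs for s in active}
    # Default T_i = min(r_i, S_i).
    rate = {n: min(fair[n], offered[n]) for n in offered}
    # E = CDR - sum_i min(r_i, S_i) - M*B (clamped at zero: an assumption).
    excess = max(0.0, cdr - sum(rate.values()) - m * b)
    result.update(fair=fair, excess=excess)

    # Uniform distribution of E among sources still offering more than T_i;
    # a grant never raises T_i above S_i, and any remainder is split again.
    remaining = excess
    hungry = [n for n in rate if offered[n] > rate[n]]
    while remaining > 1e-9 and hungry:
        share = remaining / len(hungry)
        for n in hungry:
            grant = min(share, offered[n] - rate[n])
            rate[n] += grant
            remaining -= grant
        hungry = [n for n in hungry if offered[n] - rate[n] > 1e-9]

    result["rate"] = rate
    # S_i > T_i marks a non-conforming source.
    result["nonconforming"] = sorted(n for n in rate if offered[n] > rate[n])
    return result


# Constructed sample: CDR 1 Mbit/s, B 10 kbit/s, a one-second window.
SAMPLE = [Source("A", 600_000, 900_000), Source("B", 300_000, 200_000),
          Source("C", 100_000, 400_000), Source("D", 100_000, 5_000)]

if __name__ == "__main__":
    print(allocate_window(SAMPLE, cdr=1_000_000, b=10_000, window=1.0))
```
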

In further embodiments, the WAN 1 and/or SPN 500 may provide backward congestion notification to a non-conforming source. Such notification may be in the form of a layer 2 and/or a layer 3 message indicating a destination(s) for which the non-conforming source is exceeding T_i and/or rate information for the non-conforming source (e.g. the actual transmitted rate T_i and/or the excess rate S_i-T_i). However, a layer 2 notification by itself may not be preferable, since a source receiving only a layer 2 notification may not be able to distinguish between destinations to which the source is conforming and those for which it is not conforming. In some embodiments, a backward congestion notification may be provided to a given active source when the offering rate S_i of the source exceeds the actual network transmission rate T_i for the source. In further embodiments, a user at a non-conforming source may be notified of congestion information, the assigned CDR, DRS_i, r_i, and/or T_i. In still further embodiments, it may be up to a user to decide how to act upon a congestion notification. In even further embodiments, a source may reduce its offering rate S_i in response to receiving a backward congestion notification.

In these backward congestion notification embodiments, 
conformance may be implemented at the network side of the 
source UNI. In such embodiments, feedback concerning the 
destination delivery rate may be required from the destina- 
tion. The feedback may also contain information regarding 
the rate share of the active sources at the destination and/or 
the CDR divided by the aggregate rate. 

While exemplary systems and methods embodying the 
present invention are shown by way of example, it will be 
understood, of course, that the invention is not limited to 
these embodiments. Modifications may be made by those 
skilled in the art, particularly in light of the foregoing 
teachings. For example, each of the elements of the aforementioned embodiments may be utilized alone or in combination with elements of the other embodiments. Additionally, although a meshed network is shown in the examples, the inventions defined by the appended claims is not necessarily so limited. Further, the IP switch may convert from any higher level IP like protocol to any fast-packet like protocol and is not necessarily limited to the ATM/IP example provided above. Furthermore, examples of steps that may be performed in the implementation of various aspects of the invention are described in conjunction with the example of a physical embodiment as illustrated in FIG. 5. However, steps in implementing the method of the invention are not limited thereto. Additionally, although the examples have been derived using the IP protocol for layer three, it will be apparent to those skilled in the art that any version of IP or IPX could be used as the layer three routable protocol. Furthermore, it will be understood that while some examples of implementations are discussed above regarding IP and ATM protocols, the invention is not intended to be limited solely thereto, and other protocols that are compatible with aspects of the invention may be used as well.

We claim: 

1. In a fast-packet network, a method of comprising the step of:

managing according to a committed delivery rate at least one of a plurality of actual network transmission rates for at least one of a plurality of active sources, the committed delivery rate being associated with a destination; and

wherein the step of managing includes the step of controlling a total delivery rate (R) to the destination according to the committed delivery rate (CDR) and a plurality of offering rates (S) of a first group of the plurality of active sources i, the active sources in the first group offering to send a plurality of data packets to the destination, such that:

$$R \geq CDR \quad \text{if } \sum_i S_i \geq CDR;$$

$$R = \sum_i S_i \quad \text{otherwise.}$$

2. The method of claim 1 wherein the step of managing further includes the step of identifying at least one of the plurality of data packets as being nonconforming when a sum of the offering rates of the first group of active sources is greater than the committed delivery rate.

3. The method of claim 2 wherein the step of managing further includes the step of dropping at least one of the identified data packets.

4. In a fast-packet network, a method comprising the steps of:

managing according to a committed delivery rate at least one of a plurality of actual network transmission rates for at least one of a plurality of active sources, the committed delivery rate being associated with a destination;

assigning a destination rate share to each of a first group of the active sources, the first group of active sources offering to send a plurality of data packets to the destination;

wherein the step of managing includes the steps of:

managing according to the destination rate shares of the first group of active sources an actual network transmission rate for at least one of the active sources in the first group of active sources; and

determining a fair share rate (r) for at least one of the active sources i in the first group of active sources according to the destination rate share (DRS) of the at least one active source and the committed delivery rate (CDR), such that:

$$r_i = \frac{DRS_i}{\sum_j DRS_j}\, CDR.$$

5. The method of claim 4 wherein the step of managing further includes the step of adjusting the actual network transmission rate (T) for at least one of the active sources i in the first group of active sources according to the offering rate (S) of the at least one active source, the fair share rate (r) of the at least one active source, and the committed delivery rate (CDR), such that:

$$\text{when } \sum_i S_i \geq CDR, \quad T_i \geq \min(r_i, S_i).$$

6. The method of claim 5 wherein the step of managing further includes the step of identifying at least one of the data packets as being nonconforming when the sum of the offering rates of the first group of active sources is greater than the committed delivery rate.

7. The method of claim 6 wherein the step of managing further includes the step of dropping at least one of the identified data packets.

8. The method of claim 4 wherein the step of managing further includes the step of distributing an excess network bandwidth among at least two of the active sources.

9. The method of claim 8 wherein the step of managing further includes the step of determining the excess network bandwidth (E) according to the committed data rate (CDR), the fair share rates (r), the offering rates (S), a reference rate (B), and a total number (M) of sources capable of sending data to the destination, such that:

$$E = CDR - \sum_i \min(r_i, S_i) - MB.$$

10. The method of claim 8 further including the step of determining a maximum conforming actual network transmission rate for at least one of the active sources according to an amount of excess network bandwidth that is distributed to the at least one active source.

11. In a fast-packet network, a method comprising the steps of:

managing according to a committed delivery rate at least one of a plurality of actual network transmission rates for at least one of a plurality of active sources, the committed delivery rate being associated with a destination; and

wherein the step of managing includes the step of notifying at least one of the active sources of network congestion by providing a Layer 2 backward congestion notification to the at least one active source when an offering rate of the at least one active source exceeds the actual network transmission rate for the at least one active source.

12. In a fast-packet network, a method comprising the steps of:

managing according to a committed delivery rate at least one of a plurality of actual network transmission rates
for at least one of a plurality of active sources, the committed delivery rate being associated with a destination; and

wherein the step of managing includes the step of notifying at least one of the active sources of network congestion by providing a Layer 3 backward congestion notification to the at least one active source when an offering rate of the at least one active source exceeds the actual network transmission rate for the at least one active source.

13. The method of claim 12 wherein the step of notifying the at least one active source further includes the step of providing information representing an identity of the destination, the at least one active source offering to send a plurality of data packets to the destination.

14. The method of claim 12 wherein the step of notifying the at least one active source further includes the step of providing information representing the actual network transmission rate of the at least one active source.

15. In a fast-packet network, a method comprising the steps of:

managing according to a committed delivery rate at least one of a plurality of actual network transmission rates for at least one of a plurality of active sources, the committed delivery rate being associated with a destination;

wherein the step of managing includes the steps of:

notifying at least one of the active sources of network congestion by providing a backward congestion notification to the at least one active source when an offering rate of the at least one active source exceeds the actual network transmission rate for the at least one active source; and

reducing the offering rate of the at least one active source responsive to the backward congestion notification.

16. In a fast-packet network, a method comprising the steps of:

managing according to a committed delivery rate at least one of a plurality of actual network transmission rates for at least one of a plurality of active sources, the committed delivery rate being associated with a destination;

wherein the step of managing includes the step of notifying the destination of network congestion by providing a Layer 2 forward congestion notification to the destination when an offering rate of at least one of the active sources exceeds the actual network transmission rate for the at least one active source, the at least one active source offering to send a plurality of data packets to the destination.

17. In a fast-packet network, a method comprising the steps of:

managing according to a committed delivery rate at least one of a plurality of actual network transmission rates for at least one of a plurality of active sources, the committed delivery rate being associated with a destination;

wherein the step of managing includes the step of notifying the destination of network congestion by providing a Layer 3 forward congestion notification to the destination when an offering rate of at least one of the active sources exceeds the actual network transmission rate for the at least one active source, the at least one active source offering to send a plurality of data packets to the destination.

18. The method of claim 17 wherein the step of notifying the destination further includes the step of providing information representing an identity of the first active source.

19. The method of claim 17 wherein the step of identifying the destination further includes the step of providing information representing the averaged offering rate of the at least one active source and the actual network transmission rate for the at least one active source.

20. In a fast-packet network, a method comprising the step of managing according to a plurality of destination rate shares at least one of a plurality of actual network transmission rates for at least one of a plurality of active sources, each destination rate share being associated with one of the active sources; and

wherein the step of managing includes the step of determining a fair share rate (r) for at least one of the active sources i in a first group of the plurality of active sources according to the destination rate share (DRS) of the at least one active source in the first group and a committed delivery rate (CDR), the active sources in the first group offering to send a plurality of data packets to a destination, such that:

$$r_i = \frac{DRS_i}{\sum_j DRS_j}\, CDR.$$

21. The method of claim 20 wherein the step of managing further includes the step of adjusting the actual network transmission rate (T) for at least one of the active sources i in the first group of active sources according to an offering rate (S) of the at least one active source, the fair share rate (r) of the at least one active source, and the committed delivery rate (CDR), such that:

$$\text{when } \sum_i S_i \geq CDR, \quad T_i \geq \min(r_i, S_i).$$

22. The method of claim 21 wherein the step of managing further includes the step of identifying at least one of the data packets as being nonconforming when the sum of the offering rates is greater than the committed delivery rate.

23. The method of claim 22 wherein the step of managing further includes the step of dropping at least one of the identified data packets.

24. In a fast-packet network, a method comprising the step of managing according to a plurality of destination rate shares at least one of a plurality of actual network transmission rates for at least one of a plurality of active sources, each destination rate share being associated with one of the active sources; and

wherein the step of managing includes the step of notifying at least one of the active sources of network congestion by providing a Layer 2 backward congestion notification to the at least one active source when an offering rate of the at least one active source exceeds the actual network transmission rate for the at least one active source.

25. In a fast-packet network, a method comprising the step of managing according to a plurality of destination rate shares at least one of a plurality of actual network transmission rates for at least one of a plurality of active sources, each destination rate share being associated with one of the active sources; and

wherein the step of managing includes the step of notifying at least one of the active sources of network congestion by providing a Layer 3 backward congestion notification to the at least one active source when an offering rate of the at least one active source exceeds
the actual network transmission rate for the at least one 
active source. 

26. The method of claim 25 wherein the step of notifying 
the at least one active source further includes the step of 
providing information representing an identity of a 
destination, the at least one active source offering to send a 
plurality of data packets to the destination. 

27. The method of claim 25 wherein the step of notifying
the at least one active source further includes the step of 
providing information representing the actual network trans- 
mission rate of the at least one active source. 

28. In a fast-packet network, a method comprising the
step of managing according to a plurality of destination rate
shares at least one of a plurality of actual network
transmission rates for at least one of a plurality of active
sources, each destination rate share being associated with
one of the active sources; and

wherein the step of managing includes the step of notifying
a destination of network congestion by providing a Layer 2
forward congestion notification to the destination when an
offering rate of at least one of the active sources exceeds
the actual network transmission rate for the at least one
active source, the at least one active source offering to
send a plurality of data packets to the destination.
29. In a fast-packet network, a method comprising the
step of managing according to a plurality of destination rate 
shares at least one of a plurality of actual network transmis- 
sion rates for at least one of a plurality of active sources, 
each destination rate share being associated with one of the 
active sources; and 

wherein the step of managing includes the step of noti- 
fying a destination of network congestion by providing 
a Layer 3 forward congestion notification to the desti- 
nation when an offering rate of at least one of the active 
sources exceeds the actual network transmission rate 
for the at least one active source, the at least one active 
source offering to send a plurality of data packets to the 
destination. 

30. The method of claim 29 wherein the step of notifying 
the destination further includes the step of providing infor- 
mation representing an identity of the first active source. 

31. The method of claim 29 wherein the step of notifying 
the destination further includes the step of providing infor- 
mation representing the averaged offering rate of the at least 
one active source and the actual network transmission rate 
for the at least one active source. 

***** 